| Age | Commit message (Collapse) | Author |
|---|
|
Closes #22936
|
|
Adds a `--fix` option to deno lint. This currently doesn't work for
basically any rules, but we can add them over time to deno lint.
|
|
|
|
(#22944)
Closes https://github.com/denoland/deno/issues/22934
|
|
Part of #22907
|
|
config file (#22924)
Investigation from #17298
|
|
|
|
|
|
Co-authored-by: Matt Mastracci <matthew@mastracci.com>
|
|
|
|
|
|
Fixes #19214.
We were using the `idna` crate to implement our polyfill for
`punycode.toASCII` and `punycode.toUnicode`. The `idna` crate is
correct, and adheres to the IDNA2003/2008 spec, but it turns out
`node`'s implementations don't really follow any spec! Instead, node
splits the domain by `'.'` and punycode encodes/decodes each part. This
means that node's implementations will happily work on codepoints that
are disallowed by the IDNA specs, causing the error in #19214.
While fixing this, I went ahead and matched the node behavior on all of
the punycode functions and enabled node's punycode test in our
`node_compat` suite.
|
|
In
https://github.com/denoland/deno/pull/22720/files#diff-d62d85de2a7ffb816cd2fdbaa47e588352f521c7c43d058b75649bbb255e0ae1R70
, I copy and pasted from another area of the code and didn't think about
removing how it ignores the vendor folder by default.
|
|
|
|
|
|
This is an unrealistic scenario, but it's still a good thing to fix and
have a test for because it probably fixes some other underlying issues
with how the gitignore was being resolved for the root directory.
From https://github.com/denoland/deno/pull/22720#issuecomment-1986134425
|
|
When type checking, we should just resolve css files in npm packages and
not surface a type checking error on the specifier.
|
|
(#22790)
This allows explicitly overriding a .gitignore by specifying files and
directories in "include". This does not apply to globs in an include as
files matching those will still be gitignored. Additionally,
individually gitignored files within an included directory will still be
ignored.
|
|
Regression from https://github.com/denoland/deno/pull/22720
|
|
1. Stops `deno publish` using some custom include/exclude behaviour from
other sub commands
2. Takes ancestor directories into account when resolving gitignore
3. Backards compatible change that adds ability to unexclude an exclude
by using a negated glob at a more specific level for all sub commands
(see https://github.com/denoland/deno_config/pull/44).
|
|
Actual fix happened in https://github.com/denoland/deno/pull/22782, but
this commit adds additional tests and cleans up V8 flags passed on init.
Closes https://github.com/denoland/deno/issues/22123
Closes https://github.com/denoland/deno/issues/22560
Closes https://github.com/denoland/deno/issues/22557
|
|
Reverted in https://github.com/denoland/deno/pull/22625
|
|
|
|
The graph validation errors were displaying cryptically during publish.
This fixes that.
|
|
var (#22760)
An undocumented "DENO_DISABLE_PEDANTIC_NODE_WARNINGS" env
var can be used to silence warnings for sloppy imports and node builtins
without `node:` prefix.
|
|
|
|
We were missing saying that a file is CJS when some Deno code imported
from the node_modules directory at runtime.
|
|
(#22670)
The diagnostic was incorrect when importing a `.js` file with a
corresponding `.d.ts` file with sloppy imports because it would say to
change the `.js` extension to `.d.ts`, which is incorrect. We might as
well just hide this diagnostic.
|
|
reolution (#22682)
|
|
|
|
|
|
Co-authored-by: David Sherret <dsherret@users.noreply.github.com>
|
|
comments (#22666)
Caused by https://github.com/denoland/deno/pull/22553
Closes #22664
|
|
|
|
Improves #19100
Fixes #20356
Replaces #20428
Changes made in deno_core to support this:
- [x] Errors must be handled in setTimeout callbacks
- [x] Microtask ordering is not-quite-right
- [x] Timer cancellation must be checked right before dispatch
- [x] Timer sanitizer
- [x] Move high-res timer to deno_core
- [x] Timers need opcall tracing
|
|
This commit adds "deno add" subcommand that has a basic support for
adding "jsr:" packages to "deno.json" file.
This currently doesn't support "npm:" specifiers and specifying version
constraints.
|
|
Follow up to https://github.com/denoland/deno/pull/22631 that asserts
behavior when JSX and TSX files have and do not have pragmas with
`jsx*` config.
|
|
|
|
https://github.com/denoland/deno/pull/22590#discussion_r1502945984
|
|
This commit adds a warning when .jsx or .tsx is encountered during
publishing.
This is a stop-gap solution before we fix it proper.
|
|
appropriate times (#22611)
Some `deno_std` tests were failing to print output that was resolved
after the last test finished. In addition, output printed before tests
began would sometimes appear above the "running X tests ..." line, and
sometimes below it depending on timing.
We now guarantee that all output is flushed before and after tests run,
making the output consistent.
Pre-test and post-test output are captured in `------ pre-test output
------` and `------ post-test output ------` blocks to differentiate
them from the regular output blocks.
Here's an example of a test (that is much noisier than normal, but an
example of what the output will look like):
```
Check ./load_unload.ts
------- pre-test output -------
load
----- output end -----
running 1 test from ./load_unload.ts
test ...
------- output -------
test
----- output end -----
test ... ok ([WILDCARD])
------- post-test output -------
unload
----- output end -----
```
|
|
This reverts commit c2c4e745a5db4f2e53aa70bf22b6c828fa1b4040.
|
|
import from JSR (#22623)
A security feature of JSR is that it is self contained other than npm
dependencies. At publish time, the registry rejects packages that write
code like this:
```ts
const data = await import("https://example.com/evil.js");
```
However, this can be trivially bypassed by writing code that the
registry cannot statically analyze for. This PR prevents Deno from
loading dynamic imports that do this.
|
|
As we add tracing to more types of runtime activity, `--trace-ops` is
less useful of a name. `--trace-leaks` better reflects that this feature
traces both ops and timers, and will eventually trace resource opening
as well.
This keeps `--trace-ops` as an alias for `--trace-leaks`, but prints a
warning to the console suggesting migration to `--trace-leaks`.
One test continues to use `--trace-ops` to test the deprecation warning.
---------
Signed-off-by: Matt Mastracci <matthew@mastracci.com>
|
|
Closes https://github.com/denoland/deno/issues/22330
|
|
Supply chain security for JSR.
```
$ deno publish --provenance
Successfully published @divy/test_provenance@0.0.3
Provenance transparency log available at https://search.sigstore.dev/?logIndex=73657418
```
0. Package has been published.
1. Fetches the version manifest and verifies it's matching with uploaded
files and exports.
2. Builds the attestation SLSA payload using Github actions env.
3. Creates an ephemeral key pair for signing the github token
(aud=sigstore) and DSSE pre authentication tag.
4. Requests a X.509 signing certificate from Fulcio using the challenge
and ephemeral public key PEM.
5. Prepares a DSSE envelop for Rekor to witness. Posts an intoto entry
to Rekor and gets back the transparency log index.
6. Builds the provenance bundle and posts it to JSR.
|
|
resolution (#22602)
|
|
|
|
Migrations:
- snapshot code updated
- runtime stats API tweaks
|
|
Closes https://github.com/denoland/deno/issues/22491
|
